new website : www.firewallleaktester.fr.st

That can only happen, if you use the default settings, because the default "allow DNS rule" applies to 'any application' (including Yalta...)

This glitch in Kerios default config has recently been reported as a security hole on major bug sites... although Kerio (as well as its default rules) is years old...

 

oh i see...

just to see it myself i will do the test

And about look'n'stop, what is your point of view regarding default settings? should update be seen as not default settings ?

regards,

gkweb.

 

Gkweb

Is your site not based on accuracy much as possible? I don’t see how Component Updating corresponds with Settings levels… Maybe you should make another chart in Reference to “Default Components” “Updated Components”, and I’m not only in Reference to Look ‘n’ Stop but all the Software Firewalls…

 

lol, you are right phantom

i will change in a few minute this little mistake

regards,

gkweb.

 

I have another pb (help me Phant0m!!) i do receive so many different results about the same leaktest, i will become mad

I think i will add a third icon on the results page which will mean "too much different results for now, pls wait" ! in addition of the "?" which is not an icon and which means "no result yet".

What do you think about it ?

regards,

gkweb.

P.S : @Jack, someone said me 10/10 for Outpost : AWFT, so : 5/10? 9/10? 10/10

 

Hey gkweb

The problem is that people are testing it under different circumstances; I wouldn’t go with that idea of yours it may be quite confusing. Best thing would be to get the results by yourself then you know what’s what, and if you don’t think you are suitable then find ones who are…

For Look ‘n’ Stop test results currently seems legit, however as for the other Software Firewalls I’m not sure…

 

For i can do all test myself i lack of two things :

first : need default web browser (can't define it on my comp by normal way... which prevent FireHole to launch)

second : buy AWFT

I will thinking about the second, but about the first no one never could help me (all standard way doesn't work).

This two things solved, i will be able to do all test myself...

regards,

gkweb.

 

For some unknown reason i can run AWFT all day long and the Number of executions left is always 10, an i'm not registered user either...

 

Hi Phant0m,

I think the idea behind "default settings" is just to test the firewall, as is, just after the user has installed it, just after having downloaded it from the official current location.
I think it's a good idea, because many users will use the Firewalls this way. I agree with gkweb that the current patch for Look 'n' Stop is not included in the standard version and even not available directly from our site, so not very easy to know and to install for most of the users.

So, no problem for me to wait for the version 2.05 of Look 'n' Stop to have a better score for the "default setting" case.

Perhaps the wording "default settings" needs to be changed in something like "out of the box".

Regards,

Frederic.

 

this time, i'm agree with Frederics... i'm feeling like a ball on ping-pong table

Indeed, the term "out of the boxe" is better than "default settings" and this is that i really wanted to say with hard to explain it.

All firewall will have the same criteria, so it's not so bad for those who disagree, and is better i think regarding results, it's more realistic.

Thanks for your opinion Frederics.

I think to apply definitly this idea, with "out of the box" instead of "default settings". In addition, it is easier to test out of the box firewall than firewall unchanged settings but + update.

right ?

regards,

gkweb.

 

Hey Frederic

Yea I know the idea behind it; just it wasn’t designed fully upon Informational Accuracy, as I explained why so…

Whatever you label it, anything is better then “Default Settings”…

Regards,

 

Please... I need more results from Win 9x/Millenium...

if we can help me, thanks.

regards,

gkweb.

P.S : i tested ZA 4 and it has same results than 3.5

 

Hi gkweb. There is something here that is starting to bother me.
When professional testing of products is done, all products are tested on the same machine setup by people qualified to use the products being tested and all testing is done under the same conditions.
You seem to be gathering information from people from all over the web and these people are going to be biased towards their product of choice.
I think it is very important for you to stress on your site the fact that this is not an evaluation of products based on acceptable, standard testing methods. The results individuals get is going to be determined by many factors on their own machines and they should know this.
It would not be fair to any product for someone to go to your site, look at the results and see results that state xyz program fails 4 out of 9 leak tests.
What you are doing is fine and may provide some useful information to people visiting your site, but they need to know under what conditions your test results have been obtained.
I hope you understand my concern here and do not take this as criticising your work, but as a suggestion to give people adequate information with which they can make informed decisions.

 

I'm not sure to fully understand that you want to say, but if it is that you are afraid that i read results on my mail box and then i put it on the site without testing it myself or by trusted friends, i don't work like this, it's wrong. I do myself test under same comp, same condition, one firewall installed each time alone, out of the bow results are easy, highest settings takes me more time.

If it's about how to do leaktest, it's fully explain on the results page.

In addition, i don't think that "Win 2000/XP" + "highest settings" + "text at bottom about how to do leaktest" could have a lot different factors, this is why results are split, this is why there is an "out of the box" results.

At the end, i can't point out what is wrong, i takes many hours to find right results, and you say me that they are wrong, not reliable, badly tested or anything else whereas from start, the website was built regarding strong and good results.
If you are complaining because teh website can't really define the best firewall because it's only take care of outbound filtering, you are right and this is what i say on the welcome page...
In addition people can test itself his firewall with leaktests downloadable and can discuss about there results on the forum!

You don't like some results? you thinks they are wrong? ok, send me an email with you OS, firewall settings, all that can lead me to do it myself too (i only works like this by mail) and if it's indeed wrong i will correct it.

If finally i'm wrong and it's because you think that i can't do professional work, no need to add more.

gkweb.

P.S : i edited my post to remove the most flamming part...

 

Hey gkweb

Easy bro, root was only sharing his opinion that Software Firewall Outbound Leak-testing should be done on one specific Machine and/or by those who are qualified to-do these tests then relying on majority of people’s results sent to you via Board & E-mails…

Regards,

 

So, i supposed not to be qualified for ?

All required "professional" parameters are together, so again, i can't see what is wrong.
(the specific machine is mine...)

And sorry but, it would be a joke if a firewall can only be good on a specific machine and failed on all standard machine lol, it would have Score of 0.

There is a contradiction also, "whose who are" (supposed) "qualified for" are firewall vendors right ? and do you really think that results from firewall vendors are reliable ? if it would be true, all firewall would pass all leaktest.

=> there is NO tests that i didn't do myself, is it better speaked like that ?
(i bought AWFT...)

regards,

gkweb.

 

Hello,

Take it easy Nobody is criticizing you work or ability and your site is usefull.

As you see how AV/AT tests are discussed (and the serious one do have a strong protocol) it would be nice to give the basic data about your config, provider, connection, etc...

Just take in consideration there are a lot of config : for instance some use pagers , servers, etc... ; some providers needs a kind of keep alive,(some give already a stealth result by filtering on their servers or filter some ports (In and/or Out) like 139, 80, 25, etc... ),
some users run DHCP, etc...

It would be wise to perform all the tests by yourself, on all the OSs on your own PC. Other users might have different results with the same settings with another provider for instance.

I remember, one or two years ago a discussion ( maybe with Phantom ?) about a leaktest on a FW : He passes with flying colours and I failed with the same settings : in fact after consulting his ISP it was filtered by the provider.

Rgds,

 

ok well, i understand, i will write my spec on the site, meanwhile :

Windows XP PRO + SP1 + all last update
Network Card 3Com 3C905C-TX (100Mbps LAN)
Internet Explorer 6
|
Gateway Linux
ADSL 512/128 Wanadoo (france)
Alcatel Speedtouch USB Modem
|
Internet

regards,

gkweb.

 

You must be in Reference to the discussions on Becky’s Look ‘n’ Stop Forum the other year… People was encountering anomaly where they would Leak using my rule-set when being Scanned or Flooded using TCP Flag packets, of course I stated that my rule-set is using specific method used to provide Maximum Security level that the Software Firewall could offer. So Frederic and I spent time over E-mail and ICQ working out a solution within 4days period he released another Look ‘n’ Stop version which supported TCP Flag Controls that I could work with in my rule-set.

Throughout the period I mentioned Invalid TCP Flag combinations would be filtered by my ISP which would stealth me against these, other users leaked when doing such tests. Whether I used Extra rules like “TCP: NULL, FIN, XMAS..” didn’t make any difference…

Btw; I never needed to consult my ISP about anything, they don’t know the difference between TCP and UDP Protocols…

 

Adding System Informatics may throw people off, possibly give the wrong idea that there needs to be special conditions order for Application Filtering Layer to function properly... And I don’t believe gkweb favours special conditions in order for Application Filtering Layer to function properly…

Whether you use

AMD
128MB of RAM
Internet Explorer

OR

Pentium
320MB of Ram
Opera

And specific Services Enabled or not and what’s currently running in the Background, Software Firewalls Application Filtering Layer should be fully securing.

I don’t see anything wrong with what gkweb is already doing, he asks for public results and then he verifies it himself on his local Machine. Preferably his Machine with no major modifications from the Default Win state, like no Service tweaking…

Thanks to gkweb I’ve been reading “special” conditions where Software Firewall’s Application Filtering Layer may not be passing the tests, and if I have anything to-do with this I would like to keep this on the roll…

Now I verified the results for Look ‘n’ Stop v2.04p2 are legit under Windows 2K/XP, however gkweb awhile back under certain condition Look ‘n’ Stop would fail TooLeaky when Opera browser is configured as your Default browser…

I’m not sure whether or not Look ‘n’ Stop’s Application Filtering Layer is still defective in this area, could you test under Win9x[me=Phant0m``]& Win2k/XP using Opera as your Default browser whether or not this still applies? [/me]

 

LOL we might need another chart for “certain conditions” where Application Filtering Layer fails…

 

Hi gkweb,

Just for my information :
You are running a Linux machine as gateway.
Why don't you use iptable and/or Freesco ?

Rgds,

 

@Jack
i do use it... but it can't provide me software filtering.

I have on it firewall (iptables), IDS (snort), proxy (squid), a good statistical tool (ntop), but all of that can't prevent trojan/spyware which phoning home from my own computer, i need local outbound filtering.

@Phant0m

phant0m said:

This is what i said when i said this :

gkweb said:

but it seems that few people wanted to know my specs, so at least it is written here
maybe someone was afraid that i do my test on Win 95 with Winsock v1.0

and about Opera, if me i write a new program which when it is started makes failed few firewall on few leaktests, is the cause is my program or firewall? what must be improved/fixed, my code or firewall?? good thinking, don't forgot to sleep

phant0m said:

you forget chart by provider, by modem brand ^^


regards,

gkweb.

 

I suggest you learn how to use Tiny 4.5 before you post test results. I use it along with Kerio and none of those exploits were successful. If you cinfigure tinys' sandbox properly they won't be able to run.